The attachment "keepalived_debian_ah.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu High Availability Team, which is subscribed to keepalived in Ubuntu. https://bugs.launchpad.net/bugs/1356575 Title: VRRP AH auth_type broken in 1.2.7 Status in “keepalived” package in Ubuntu: New Bug description: A bug in keepalived 1.2.7 causes VRRP peers to ignore each other's VRRP packets leading to a "multi-master" situation. The logs show the following: Aug 13 11:30:53 lb04 Keepalived_vrrp[22093]: bogus VRRP packet received on eth0 !!! Aug 13 11:30:53 lb04 Keepalived_vrrp[22093]: VRRP_Instance(PRIV) ignoring received advertisment... Aug 13 11:30:54 lb04 Keepalived_vrrp[22093]: receive an invalid ip number count associated with VRID! Aug 13 11:30:54 lb04 Keepalived_vrrp[22093]: bogus VRRP packet received on eth0 !!! Aug 13 11:30:54 lb04 Keepalived_vrrp[22093]: VRRP_Instance(PRIV) ignoring received advertisment... Aug 13 11:30:55 lb04 Keepalived_vrrp[22093]: receive an invalid ip number count associated with VRID! From 1.2.8 changelog: * Ryan O'Hara fixed pointer arithmetic for VRRP packet. When using IPSEC AH authentication, the pointer arithmetic used to get the location of the VRRP packet is incorrect. The address of the IPSEC header must be cast as (char *) in order to get correct address of the VRRP packet. Without this patch, vrrp_in_chk() will fail to verify incoming VRRP packets when IPSEC AH is enabled. Please either update the package or backport the fix. The fix involves updating a single line in vrrp.c: --- keepalived-1.2.7/keepalived/vrrp/vrrp.c.orig 2012-08-16 16:21:28.000000000 -0700 +++ keepalived-1.2.7/keepalived/vrrp/vrrp.c 2014-08-13 13:09:48.289648524 -0700 @@ -238,7 +238,7 @@ if (vrrp->auth_type == VRRP_AUTH_AH) { ah = (ipsec_ah *) (buffer + ihl); - hd = (vrrp_pkt *) (ah + vrrp_ipsecah_len()); + hd = (vrrp_pkt *) ((char *) ah + vrrp_ipsecah_len()); } else { hd = (vrrp_pkt *) (buffer + ihl); } Attached is a patch (keepalived_debian_ah.patch) to be applied to the debian directory, patches the series file and puts the above patch in place. OS: Ubuntu 14.04 LTS Package: keepalived 1:1.2.7-1ubuntu1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/keepalived/+bug/1356575/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~ubuntu-ha Post to : [email protected] Unsubscribe : https://launchpad.net/~ubuntu-ha More help : https://help.launchpad.net/ListHelp
